Drop deployment ability of providers and RPM support
ehelms committed May 3, 2024
1 parent b9667a0 commit 91651c5
Showing 11 changed files with 44 additions and 196 deletions.
60 changes: 12 additions & 48 deletions lib/puppet/provider/ca/katello_ssl_tool.rb
Expand Up @@ -6,55 +6,19 @@
protected

def generate!
if existing_pubkey
FileUtils.mkdir_p(build_path)
FileUtils.cp(existing_pubkey, build_path(File.basename(pubkey)))
katello_ssl_tool('--gen-ca',
'--dir', resource[:build_dir],
'--ca-cert-dir', target_path('certs'),
'--ca-cert', File.basename(pubkey),
'--ca-cert-rpm', rpmfile_base_name,
'--rpm-only')
else
katello_ssl_tool('--gen-ca',
'--dir', resource[:build_dir],
'-p', "file:#{resource[:password_file]}",
'--force',
'--ca-cert-dir', target_path('certs'),
'--set-common-name', resource[:common_name],
'--ca-cert', File.basename(pubkey),
'--ca-key', File.basename(privkey),
'--ca-cert-rpm', rpmfile_base_name,
*common_args)
katello_ssl_tool(
'--gen-ca',
'--dir', resource[:build_dir],
'--password', "file:#{resource[:password_file]}",
'--force',
'--ca-cert-dir', resource[:build_dir],
'--set-common-name', resource[:common_name],
'--ca-cert', File.basename(pubkey),
'--ca-key', File.basename(privkey),
'--no-rpm',
*common_args
)

end
super
end

def existing_pubkey
if resource[:ca]
ca_details[:pubkey]
elsif resource[:custom_pubkey]
resource[:custom_pubkey]
end
end

def deploy!
if File.exist?(rpmfile)
# the rpm is available locally on the file system
rpm('-Uvh', '--force', rpmfile)
else
# we search the rpm in yum repo
yum("install", "-y", rpmfile_base_name)
end
end

def files_to_deploy
[pubkey]
end

def self.privkey(name)
build_path("#{name}.key")
end

end
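Review bot: The rewritten `generate!` always passes `--force` together with `--ca-key`, while `generate?` in the base provider now returns true as soon as either the `.crt` or the `.key` is missing from the build directory, so a lost certificate file alone appears to re-run CA generation on top of an existing private key. If katello-ssl-tool replaces the key in that situation, every certificate already issued by that CA stops validating. I would fail closed before the call, for example `raise Puppet::Error, "CA key present but certificate missing in #{resource[:build_dir]}" if File.exist?(privkey) && !File.exist?(pubkey)`, or pass `--force` only when `resource[:regenerate]` is set. Whether the tool really overwrites the key under `--force` is not visible on this page and should be confirmed.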
34 changes: 9 additions & 25 deletions lib/puppet/provider/cert/katello_ssl_tool.rb
Expand Up @@ -10,27 +10,15 @@ def generate!
'--server-cert', File.basename(pubkey),
'--server-cert-req', File.basename(req_file),
'--server-key', File.basename(privkey),
'--server-rpm', rpmfile_base_name ]
'--no-rpm' ]

if resource[:custom_pubkey]
FileUtils.mkdir_p(build_path)
FileUtils.cp(resource[:custom_pubkey], build_path(File.basename(pubkey)))
FileUtils.cp(resource[:custom_privkey], build_path(File.basename(privkey)))
if resource[:custom_req]
FileUtils.cp(resource[:custom_req], build_path(File.basename(req_file)))
else
File.open(build_path(File.basename(req_file)), 'w') { |f| f.write('') }
end
args << '--rpm-only'
else
resource[:common_name] ||= resource[:hostname]
args.concat(['-p', "file:#{resource[:password_file]}",
'--set-hostname', resource[:hostname],
'--set-common-name', resource[:common_name],
'--ca-cert', ca_details[:pubkey],
'--ca-key', ca_details[:privkey]])
args.concat(common_args)
end
resource[:common_name] ||= resource[:hostname]
args.concat(['--password', "file:#{resource[:password_file]}",
'--set-hostname', resource[:hostname],
'--set-common-name', resource[:common_name],
'--ca-cert', ca_details[:pubkey],
'--ca-key', ca_details[:privkey]])
args.concat(common_args)

if resource[:cname]
if resource[:cname].is_a?(String)
Expand All @@ -47,10 +35,6 @@ def generate!
protected

def req_file
"#{self.pubkey}.req"
end

def build_path(file_name = '')
self.class.build_path(File.join(resource[:hostname], file_name))
"#{pubkey}.req"
end
end
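Review bot: `--ca-cert` and `--ca-key` in the first hunk come from `ca_details`, which after this commit resolves through the instance-level `details` and `build_path` in `lib/puppet/provider/katello_ssl_tool.rb`, and that `build_path` appends `resource[:hostname]` whenever the calling resource has one. For a cert resource the CA pair would therefore appear to be looked up under `<build_dir>/<hostname>/`, whereas the CA provider passes `--ca-cert-dir resource[:build_dir]` and writes it one level up. If that reading holds, signing either fails or uses whatever key happens to sit in the per-host directory; building the CA paths from the CA resource itself without the hostname segment, e.g. `File.join(ca_resource[:build_dir], "#{name}.key")`, would avoid it. `generate!` begins above this hunk, so its earlier arguments are not visible here.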
127 changes: 22 additions & 105 deletions lib/puppet/provider/katello_ssl_tool.rb
Expand Up @@ -5,43 +5,24 @@ class Cert < Puppet::Provider

initvars

commands :rpm => 'rpm'
commands :yum => 'yum'
commands :katello_ssl_tool_command => 'katello-ssl-tool'

def exists?
! generate? && ! deploy?
!generate?
end

def create
generate! if generate?
deploy! if deploy?
end

def destroy
files_to_deploy.each do |file|
FileUtils.rm_f(file)
end

output = execute([:rpm, '-q', rpmfile_base_name], failonfail: false)
if output.exitstatus == 0
rpm('-e', rpmfile_base_name)
end
end

def self.details(cert_name)
details = { :pubkey => pubkey(cert_name),
:privkey => privkey(cert_name) }

return details
end

def self.pubkey(name)
target_path("certs/#{name}.crt")
end

def self.privkey(name)
target_path("private/#{name}.key")
def details(cert_name)
return {
:pubkey => pubkey(cert_name),
:privkey => privkey(cert_name)
}
end

protected
Expand All @@ -59,49 +40,12 @@ def generate!
def generate?
return false unless resource[:generate]
return true if resource[:regenerate]
return true if File.exist?(update_file)
return files_to_generate.any? { |file| ! File.exist?(file) }
return true if File.exists?(update_file)
return true unless (File.exist?(pubkey) && File.exist?(privkey))
end

def files_to_generate
[rpmfile]
end

def deploy?
return false unless resource[:deploy]
return true if resource[:regenerate]
return true if files_to_deploy.any? { |file| ! File.exist?(file) }
return true if needs_deploy?
end

def files_to_deploy
[pubkey, privkey]
end

def deploy!
if File.exist?(rpmfile)
if(system("rpm -q #{rpmfile_base_name} &>/dev/null"))
rpm('-e', rpmfile_base_name)
end
rpm('-Uvh', '--force', rpmfile)
else
# we search the rpm in yum repo
yum("install", "-y", rpmfile_base_name)
end
end

def needs_deploy?
if File.exist?(rpmfile)
# the installed version doesn't match the rpmfile
!system("rpm --verify -p #{rpmfile} &>/dev/null")
else
`yum check-update #{rpmfile_base_name} &>/dev/null`
$?.exitstatus == 100
end
end

def version_from_name(rpmname)
rpmname.scan(/\d+/).map(&:to_i)
def update_file
build_path("#{resource[:name]}.update")
end

def common_args
Expand All @@ -114,56 +58,29 @@ def common_args
'--cert-expiration', resource[:expiration]]
end

def rpmfile
path = self.build_path("#{rpmfile_base_name}")
path = path + "-[0-9].*" + "noarch.rpm"

rpmfile = Dir[path].max_by do |file|
version_from_name(file)
end

rpmfile ||= self.build_path("#{rpmfile_base_name}.noarch.rpm")
return rpmfile
end

# file that indicates that a new version of the rpm should be updated
def update_file
self.build_path("#{rpmfile_base_name}.update")
end

def rpmfile_base_name
resource[:name]
end

def pubkey
self.class.pubkey(resource[:name])
end

def privkey
self.class.privkey(resource[:name])
def pubkey(cert_name = resource[:name])
build_path("#{cert_name}.crt")
end

def target_path(file_name = '')
self.class.target_path(file_name)
end

def self.target_path(file_name = '')
File.join("/etc/pki/katello-certs-tools", file_name)
def privkey(key_name = resource[:name])
build_path("#{key_name}.key")
end

def build_path(file_name = '')
self.class.build_path(file_name)
end
path = resource[:build_dir]

if resource.to_hash.key?(:hostname)
path = "#{path}/#{resource[:hostname]}"
end

def self.build_path(file_name = '')
File.join("/root/ssl-build", file_name)
File.join(path, file_name)
end

def ca_details
return @ca_details if defined? @ca_details
if ca_resource = resource.catalog.resource(@resource[:ca].to_s)
name = ca_resource.to_hash[:name]
@ca_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
@ca_details = details(name)
else
raise 'Wanted to generate cert without ca specified'
end
Expand Down Expand Up @@ -221,7 +138,7 @@ def cert_details
return @cert_details if defined? @cert_details
if cert_resource = resource.catalog.resource(@resource[:key_pair].to_s)
name = cert_resource.to_hash[:name]
@cert_details = Puppet::Provider::KatelloSslTool::Cert.details(name)
@cert_details = details(name)
else
raise 'Cert or Ca was not specified'
end
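Review bot: `generate?` now calls `File.exists?(update_file)`, a method that was deprecated and then removed in Ruby 3.2, so on a current Ruby the provider raises NoMethodError before it ever checks the key pair; write `return true if File.exist?(update_file)` to match the `File.exist?` calls on the next line. The method also falls off the end and returns nil when both files are present; finishing with `!(File.exist?(pubkey) && File.exist?(privkey))` makes the result an explicit boolean. In `build_path`, `resource[:hostname]` is interpolated into the path unchecked, so a value containing `/` or `..` would put key material outside `build_dir`; rejecting hostnames that are not a single path component, and joining with `File.join(path, resource[:hostname])`, is a cheap safeguard.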
8 changes: 0 additions & 8 deletions lib/puppet_x/certs/common.rb
Expand Up @@ -10,12 +10,6 @@ module Common

newparam(:name, :namevar => true)

newparam(:custom_pubkey)

newparam(:custom_privkey)

newparam(:custom_req)

newparam(:common_name)

newparam(:cname)
Expand All @@ -38,8 +32,6 @@ module Common

newparam(:regenerate)

newparam(:deploy)

newparam(:password_file)

newparam(:build_dir) do
1 change: 0 additions & 1 deletion manifests/apache.pp
Expand Up @@ -102,7 +102,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
2 changes: 0 additions & 2 deletions manifests/ca.pp
Expand Up @@ -45,11 +45,9 @@
org_unit => $org_unit,
expiration => $ca_expiration,
generate => $generate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
$default_ca = Ca[$default_ca_name]

if $certs::server_ca_cert {
file { $server_ca_path:
2 changes: 0 additions & 2 deletions manifests/candlepin.pp
Expand Up @@ -42,7 +42,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
Expand All @@ -62,7 +61,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
1 change: 0 additions & 1 deletion manifests/foreman.pp
Expand Up @@ -36,7 +36,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
2 changes: 0 additions & 2 deletions manifests/foreman_proxy.pp
Expand Up @@ -71,7 +71,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
Expand All @@ -93,7 +92,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}
2 changes: 1 addition & 1 deletion manifests/init.pp
Expand Up @@ -123,5 +123,5 @@
Class['certs::config'] ->
Class['certs::ca']

$default_ca = $certs::ca::default_ca
$default_ca = Ca[$default_ca_name]
}
1 change: 0 additions & 1 deletion manifests/puppet.pp
Expand Up @@ -34,7 +34,6 @@
ca => $certs::default_ca,
generate => $generate,
regenerate => $regenerate,
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
}